naib
This appears to be the blockchain: https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
I've basically told my users don't open or look at anything off the domain...going with the "Have a pint at the Winchester and wait for this all to blow over" approach.
The real question is... how long did MS know about this? Sure they patched the flaw once the vault was made public BUT did they know about it for years but kept it open for the NSA?
If MS left it unsecure, they need to be punished.
Our analysis indicates the attack, dubbed “WannaCry”, is initiated through an SMBv2 remote code execution in Microsoft Windows. This exploit (codenamed “EternalBlue”) has been made available on the internet through the Shadowbrokers dump on April 14th, 2017 and patched by Microsoft on March 14.
Our department is getting alerts about it. We were getting phishing attempts last week by the thousands. Everyone with a .gov email was getting hit left and right.
Any word on if this is just coming via e-mail or if internet drive-by is also on the list?
Unless you have the SMB ports open to the wild... I doubt it.
The ransomware WanaCrypt0r 2.0 has local network capabilities, which means that with only one computer exposed to this ransomware, it could potentially infect all the other computers in the same network. The worm uses the vulnerabilities that were released by the Shadow Brokers that leaked NSA tools.
So far it seems someone on the LAN opens an email (Word attachment?) that kicks it all off, for that network.
I thought that this was supposed to have been patched.
It is. But lazy IT departments haven't picked up the patches yet.
Lazy and/or cautious. Patches need testing. The company I work for had to change its patching philosophy now that MS bundles patches for Win7. Beforehand they would pick, test, deploy. Now they have to patch... then if it looks OK they push out to "ring2" and every now and again something breaks (last set I had caused issues with Excel...) THEN finally everyone... I got a new batch today which I believe was the March set. Which means there are at least 200,000 others where I work without it...
Is it possible for a PC to get ransomware while in sleep mode?
The fact that Microsoft already patched this vulnerability makes me facepalm.
IT departments are fond of saying that they have to validate all new updates just in case they break anything. Maybe this policy should be reconsidered, and - at least for security updates - they should be patched as soon as they go live without any delay for testing.
Sure, having an update break something can be a pain, and can cost you money, but having all your data held for ransom, or stolen is way worse.
I know I've run Windows updates up through April; the only ones are the current May ones that we do not have patched. Hopefully that helps us some. We sent out an email reminding people to actually look before they click (probably won't help).
But even without this patch, SMB ports should be blocked externally.
Yup, but if some nub of an employee opens an attachment to get it within the network...
True, but the main vector for this one appears to be the SMBv2 flaw. Even on an unpatched system this shouldn't have gotten through a properly configured network.
And equally correctly updated virus definitions... As of 17:15, 28 of the major 61 global AV companies have a signature to detect and remove WCry2.0.
http://money.cnn.com/2017/05/12/technology/ransomware-attack-nsa-microsoft/index.html
He said it's likely the ransomware will spread to U.S. firms too. The ransomware is automatically scanning for computers it can infect whenever it loads itself onto a new machine. It can infect other computers on the same wireless network.
"It has a 'hunter' module, which seeks out PCs on internal networks," Beaumont said. "So, for example, if your laptop is infected and you went to a coffee shop, it would spread to PCs at the coffee shop. From there, to other companies."
It's a worm
Said it once and I'll say it again: if the person or persons responsible for creating these kinds of tools and distributing them are ever found, a bullet in the skull cavity is OK with me, I'll even pay for the ammunition.
Considering how much the Russian gov't has been affected... I am almost certain this will happen.
So much for packages getting to their destinations on time....
Agreed. I absolutely think damage and disruption on this scale is deserving of the death penalty.
What I'd like to know is exactly how long IT departments plan on withholding these updates. I mean, it's been 2 months since this exploit was patched. And it's not like some of these companies (ala FedEx, Russian Interior, NHS) are small scale operations who don't have the budget to be able to test these things and roll them out quickly if safe. And if unsafe, this particular exploit can still be foiled by turning off smbv1 and smbv2 which can be done via Group Policy.
The NHS has no money...
BUT. That said. The only thing that the vulnerability could be used for was infecting other systems on the same network once a seed system was infected. And how have those seed systems been infected? How else? By some luddite opening an email attachment or clicking a link that they shouldn't be. So at the end of the day, the real security threat isn't exploits, it isn't Windows, it isn't ShadowBrokers or the NSA. It's people. Average, uneducated computer using people. Of course, that point will be glossed over because the narrative going forward will be how evil the SB group is and how we need to immediately start punishing anyone who leaks out information like this.
Oh, man, I better patch my home network!
I learned a long time ago, I don't trust any critical system to Microsoft.
OK, I accept Microsoft's explanation for forcing everyone onto Windows 10.
What if this was released by MS to make people wake up to Windows 10?
Here, have my tin foil hat. You need it more than me.
http://windowsitpro.com/patch-tuesday/patch-tuesday-kb3023607-breaks-cisco-anyconnect-heres-fix
Patch Tuesday: KB3023607 Breaks Cisco AnyConnect, Here's a Fix (2015)...
And there have been more recent examples